hostapd + freeradius: unknown ca error

Svein Olav Bjerkeset svein.olav at bjerkeset.com
Sun Jan 12 10:37:36 EST 2014


Hi,

I am trying to set up hostapd with freeradius to be able to authenticate
wifi-users against a kerberos-repository. The radius/kerberos integration
seems to work since radtest succeeds using a kerberos-user.

However, when hostapd contacts the radius server, it uses EAP-TLS, and after
some traffic back and forth, hostapd sends a fatal error back to the radius
server stating that the CA is unknown. I have tried to use the ca_cert
option in hostapd.conf and point it to the radius CA, but it did not resolve
the problem. I suspect this option is only used for the internal EAP server
of hostapd (which I do not use).

An strace of open and stat system calls for the hostapd process seems to
show that it does not try to open any files which are SSL-related.

How can I tell hostapd which CAs to trust when using an external radius
server?

Best regards,

Svein Olav Bjerkeset
